
### Erstellen GEO-IP Objekte ###
config firewall address
    edit "net_geo_russland"
        set type geography
        set comment "Geo IP Russland"
        set color 6
        set country "RU"
    next
    edit "net_geo_belarus"
        set type geography
        set comment "Geo IP Objekte Weissrussland"
        set color 6
        set country "BY"
    next
end
### Erstellen Gruppe ###
config firewall addrgrp
    edit "net_geo_blocken"
        set member "net_geo_belarus" "net_geo_russland"
        set comment "geo IP Objekte zum blocken"
        set color 6
    next
end

### Erstellen localIn Policy fuer ALLE Interface  ###
config firewall local-in-policy
    edit 0
        set intf "any"
        set srcaddr "net_geo_blocken"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny        
        set comments "Blocken von unerwuenschten geographischen Regionen"
    next
end

    